Risk Management

Atos Medical’s Risk Management process is strategically focused on contributing to the achievement of the business objectives as well as on securing the longevity of the business.

Introduction to risks

The overall objective of the Enterprise Risk Management Process is to identify strategic risks that may threaten the long term ability to fulfill the strategy, operational risks that may impact short term targets, as well as financial risks that relate to exposures in the financial operations.

Strategic Risks

• Competitor Threat
• Technology Disruption
• Market Structure Risk

Operational Risks

• Production Disruption
• Supplier Disruption
• Quality and Product Safety
• Data Protection Risk
• IT Infrastructure Risk
• Cyber Security Risk

Financial Risks

• Currency Risk – Transaction Exposure
• Currency Risk – Translation Exposure
• Interest Rate Risk
• Liquidity and Financing Risk
• Credit and Counterparty Risk

Atos Medical Enterprise Risk Management Process

In Atos Medical, the impact and likelihood of strategic, operational, and financial risks are quantified and assessed, and for each risk an adequate response with concrete mitigating actions is defined and assigned to Risk Owners in the organization. Risks are monitored and regularly reported to the Audit Committee and the Board of Directors to provide them with a strategic tool for assessing whether target risks are at acceptable levels, and whether the defined responses are adequate.

Overview of risks and mitigation

Strategic Risks

Mitigating actions / policies

Competitor Threat. A new, low cost competitor with a global distribution set-up could impact the business. An existing competitor could improve their product portfolio and expand their distribution set-up.

Having systems to secure the highest product quality while maintaining best-in-class production costs and constant innovation to deliver new, leading edge products. Engaging directly with patients as well as with HCPs to make us their preferred partner.

Technology Disruption. A novel, currently unproven technology could change the industry and impact the business negatively if HCPs and patients move to new technologies.

Constantly monitoring research and development changes and sustaining the focus on product quality and innovation to be leading edge in the field.

Market Structure Risk. Changes in health insurance levels, government and payor budget restrictions, and general health care regulation reforms may impact the business negatively.

Focusing on innovation of better products and securing clinical data that demonstrate the added value of products. Maintaining a best-in-class manufacturing cost structure to reduce sensitivity to changes.

Operational Risks

Mitigating actions / policies

Production Disruption. All products are manufactured in Hörby, Sweden; disruption due to catastrophic events could impact the Group through property damage, short term loss of revenue and long term loss of business.

Maintaining fire and emergency protocols that are always up-to-date. Maintaining adequate insurances.

Supplier Disruption. A major supplier of production materials being interrupted due to e.g. catastrophic events or bankruptcy could impact the business negatively through short term loss of business.

Having adequate contracts in place with suppliers and conducting supplier audits. Keeping suppliers of production materials at low volume, and focusing on in-sourcing large volume supply. Maintaining adequate insurances.

Quality and Product Safety. A product non-conformity leading to a major product recall or an adverse effect related to an Atos product that negatively impacts the life and health of one or more patients could impact our business negatively through recall costs, financial and reputational damage, and short and long term loss of business.

Operating an ISO-certified quality management system. Undergoing authority inspections and internal quality audits on an ongoing basis. Identifying issues, finding and correcting root causes. Maintaining adequate insurances.

Data Protection Risk. The Group processes large amounts of sensitive personal data, including patient health information. A major leak, a major breach, or systematic data protection failures could impact the business directly (fines) and indirectly (lack of trust leading to loss of business).

Maintaining Personal Data Protection policies, Data Processing Agreements, and solid global and local processes, and keeping compliant forms and policies for patient consent in place. Training all employees, globally and locally. Maintaining organizational and technical security measures. Monitoring and preparing for new regulations (GDPR Project in progress).

IT Infrastructure Risk. Day-to-day operations are dependent on IT infrastructure, incl. CRM, ERP, and BI; disruption due to system failure or breakdown could impact the group through direct repair and re-establishment costs, short term loss of revenue, and long term loss of business.

Keeping IT operations outsourced to realize scale and expertise benefits. Ensuring technical and organizational security (incl. back-up, recovery, and re-instatement). Auditing suppliers.

Cyber Security Risk. Day-to-day operations are dependent on IT infrastructure, incl. CRM, ERP, and BI; disruption due to hostile intervention such as ransomware attacks could impact the group through direct re-establishment cost, short term loss of revenue, and long term loss of business.

Keeping IT operations outsourced to realize scale, expertise, and secure infrastructure benefits. Ensuring technical and organizational security (incl. back-up, recovery, and re-instatement). Auditing suppliers. Securing adequate supplier contracts. Testing cyber-resilience through external experts.

Financial Risks

Mitigating actions / policies

Currency Risk – Transaction Exposure. The largest exposure to currency risk stems primarily from the group’s purchases and sales denominated in foreign currencies, so-called transaction exposure.

Pursuant to the group’s policy, this transaction exposure has not been hedged via the use of currency derivatives.

Currency Risk – Translation Exposure. Currency risks also appear as a result of the translation of the income statements and balance sheets of foreign subsidiaries into the group’s functional currency (SEK).

Pursuant to the group’s policy, hedging of net investments is not employed. The group’s organizational structure, which consists of centralized production and subsidiaries that serve solely as sales units, limits the translation exposure.

Interest Rate Risk. Interest rate risk refers to the risk that either the fair market value or future cash flow fluctuates as a result of changes in prevailing market interest rates. The group is primarily exposed to interest rate risk through its debt financing. Since the loans have variable interest rates, the group’s future financial expenses are affected by fluctuations in the prevailing market rates.

Pursuant to the financial policy, 50% of the interest rate risk (excl. PIK loan) is hedged. Hedge accounting has not been used.

Liquidity and Financing Risk. The risk that the group has issues meeting its obligations with respect to its financial debts. Financing risk refers to the risk that the group is unable to raise adequate financing at a reasonable cost.

Liquidity planning and monitoring is centrally managed. Financing requirements are regulated by a loan agreement with a bank syndicate, which also ensures additional financing for acquisitions, etc.

Credit and Counterparty Risk. The risk that the counterparty in a transaction causes the group to incur a loss by failing to perform its contractual obligations. The group’s exposure to credit risk is primarily attributable to accounts receivable.

Credit reports are run for new sales as needed. A large part of the group’s sales are made to public sector institutions, such as hospitals or government agencies in the various countries, which limits risk.

For a more detailed account of the financial risks, see Note 3.